Jeecg boot

This hub aggregates every CVE we track for Jeecg boot, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jeecg boot.

• CVE-2024-40489There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HT...9.8Apr 1, 2026
• CVE-2024-43028A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.9.8Apr 1, 2026
• CVE-2026-2945JeecgBoot uploadImgByHttp server-side request forgery6.3Feb 22, 2026
• CVE-2026-2822JeecgBoot Backend airag_app,1,create_by sql injection6.3Feb 20, 2026
• CVE-2026-2555JeecgBoot Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization5.0Feb 16, 2026
• CVE-2026-2111JeecgBoot Retrieval-Augmented Generation edit path traversal4.3Feb 7, 2026
• CVE-2026-1746JeecgBoot Online Report API loadDictItemByKeyword sql injection6.3Feb 2, 2026
• CVE-2025-15126JeecgBoot getPositionUserList improper authorization3.1Dec 28, 2025
• CVE-2025-15125JeecgBoot queryDepartPermission improper authorization3.1Dec 28, 2025
• CVE-2025-15124JeecgBoot list getParameterMap improper authorization3.1Dec 28, 2025
• CVE-2025-15123JeecgBoot datarule improper authorization3.1Dec 28, 2025
• CVE-2025-15122JeecgBoot datarule loadDatarule improper authorization3.1Dec 28, 2025
• CVE-2025-15121JeecgBoot getDeptRoleByUserId information disclosure2.4Dec 28, 2025
• CVE-2025-15120JeecgBoot getDeptRoleList improper authorization3.1Dec 28, 2025
• CVE-2025-15119JeecgBoot list queryPageList improper authorization3.1Dec 28, 2025